Changeset 95620 in vbox
- Timestamp:
- Jul 13, 2022 2:12:55 PM (2 years ago)
- File:
-
- 1 edited
trunk/src/VBox/Runtime/common/crypto/pkcs7-sign.cpp
r95604 r95620 32 32 #include <iprt/crypto/pkcs7.h> 33 33 34 #include <iprt/err core.h>34 #include <iprt/err.h> 35 35 #include <iprt/string.h> 36 36 #include <iprt/crypto/digest.h> … … 138 138 * Do the signing. 139 139 */ 140 /* Create a ContentInfo we can modify using CMS_sign w/ CMS_PARTIAL. */ 140 141 unsigned int fOsslSign = CMS_BINARY | CMS_PARTIAL; 141 142 if (fFlags & RTCRPKCS7SIGN_SD_F_DEATCHED) … … 146 147 if (pCms != NULL) 147 148 { 148 CMS_SignerInfo *pSignerInfo = CMS_add1_signer(pCms, pOsslSigner, pEvpPrivateKey, pEvpMd, fOsslSign); 149 if (pSignerInfo) 149 /* Set encapsulated content type if present in the auth attribs. */ 150 uint32_t iAuthAttrSkip = UINT32_MAX; 151 for (uint32_t i = 0; i < pAdditionalAuthenticatedAttribs->cItems && RT_SUCCESS(rc); i++) 150 152 { 151 if (pAdditionalAuthenticatedAttribs) 152 for (uint32_t i = 0; i < pAdditionalAuthenticatedAttribs->cItems && RT_SUCCESS(rc); i++) 153 PCRTCRPKCS7ATTRIBUTE pAttrib = pAdditionalAuthenticatedAttribs->papItems[i]; 154 if ( pAttrib->enmType == RTCRPKCS7ATTRIBUTETYPE_OBJ_IDS 155 && RTAsn1ObjId_CompareWithString(&pAttrib->Type, RTCR_PKCS9_ID_CONTENT_TYPE_OID) == 0) 156 { 157 AssertBreakStmt(pAttrib->uValues.pObjIds && pAttrib->uValues.pObjIds->cItems == 1, 158 rc = VERR_INTERNAL_ERROR_3); 159 PCRTASN1OBJID pObjId = pAttrib->uValues.pObjIds->papItems[0]; 160 ASN1_OBJECT *pOsslObjId = OBJ_txt2obj(pObjId->szObjId, 0 /*no_name*/); 161 if (pOsslObjId) 153 162 { 154 PCRTCRPKCS7ATTRIBUTE pAttrib = pAdditionalAuthenticatedAttribs->papItems[i]; 155 X509_ATTRIBUTE *pOsslAttrib; 156 rc = rtCrOpenSslConvertPkcs7Attribute((void **)&pOsslAttrib, pAttrib, pErrInfo); 157 if (RT_SUCCESS(rc)) 163 rc = CMS_set1_eContentType(pCms, pOsslObjId); 164 ASN1_OBJECT_free(pOsslObjId); 165 if (rc < 0) 166 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_GENERIC_ERROR, 167 "CMS_set1_eContentType(%s)", pObjId->szObjId); 168 } 169 else 170 rc = RTErrInfoSet(pErrInfo, VERR_NO_MEMORY, "OBJ_txt2obj"); 171 172 iAuthAttrSkip = i; 173 
break; 174 } 175 } 176 if (RT_SUCCESS(rc)) 177 { 178 /* Add a signer. */ 179 CMS_SignerInfo *pSignerInfo = CMS_add1_signer(pCms, pOsslSigner, pEvpPrivateKey, pEvpMd, fOsslSign); 180 if (pSignerInfo) 181 { 182 /* Add additional attributes, skipping the content type found above. */ 183 if (pAdditionalAuthenticatedAttribs) 184 for (uint32_t i = 0; i < pAdditionalAuthenticatedAttribs->cItems && RT_SUCCESS(rc); i++) 185 if (i != iAuthAttrSkip) 186 { 187 PCRTCRPKCS7ATTRIBUTE pAttrib = pAdditionalAuthenticatedAttribs->papItems[i]; 188 X509_ATTRIBUTE *pOsslAttrib; 189 rc = rtCrOpenSslConvertPkcs7Attribute((void **)&pOsslAttrib, pAttrib, pErrInfo); 190 if (RT_SUCCESS(rc)) 191 { 192 rc = CMS_signed_add1_attr(pSignerInfo, pOsslAttrib); 193 rtCrOpenSslFreeConvertedPkcs7Attribute((void **)pOsslAttrib); 194 if (rc <= 0) 195 rc = RTErrInfoSet(pErrInfo, VERR_NO_MEMORY, "CMS_signed_add1_attr"); 196 } 197 } 198 if (RT_SUCCESS(rc)) 199 { 200 /* Finally, produce the signed data. */ 201 rc = CMS_final(pCms, pOsslData, NULL /*dcont*/, fOsslSign); 202 if (rc > 0) 158 203 { 159 rc = CMS_signed_add1_attr(pSignerInfo, pOsslAttrib); 160 rtCrOpenSslFreeConvertedPkcs7Attribute((void **)pOsslAttrib); 161 if (rc <= 0) 162 rc = RTErrInfoSet(pErrInfo, VERR_NO_MEMORY, "CMS_signed_add1_attr"); 163 } 164 } 165 if (RT_SUCCESS(rc)) 166 { 167 rc = CMS_final(pCms, pOsslData, NULL /*dcont*/, fOsslSign); 168 if (rc > 0) 169 { 170 /* 171 * Get the output and copy it into the result buffer. 172 */ 173 BIO *pOsslResult = BIO_new(BIO_s_mem()); 174 if (pOsslResult) 175 { 176 rc = i2d_CMS_bio(pOsslResult, pCms); 177 if (rc > 0) 204 /* 205 * Get the output and copy it into the result buffer. 
206 */ 207 BIO *pOsslResult = BIO_new(BIO_s_mem()); 208 if (pOsslResult) 178 209 { 179 BUF_MEM *pBuf = NULL; 180 rc = (int)BIO_get_mem_ptr(pOsslResult, &pBuf); 210 rc = i2d_CMS_bio(pOsslResult, pCms); 181 211 if (rc > 0) 182 212 { 183 AssertPtr(pBuf); 184 size_t const cbResult = pBuf->length; 185 if ( cbResultBuf >= cbResult 186 && pvResult != NULL) 213 BUF_MEM *pBuf = NULL; 214 rc = (int)BIO_get_mem_ptr(pOsslResult, &pBuf); 215 if (rc > 0) 187 216 { 188 memcpy(pvResult, pBuf->data, cbResult); 189 rc = VINF_SUCCESS; 217 AssertPtr(pBuf); 218 size_t const cbResult = pBuf->length; 219 if ( cbResultBuf >= cbResult 220 && pvResult != NULL) 221 { 222 memcpy(pvResult, pBuf->data, cbResult); 223 rc = VINF_SUCCESS; 224 } 225 else 226 rc = VERR_BUFFER_OVERFLOW; 227 *pcbResult = cbResult; 190 228 } 191 229 else 192 rc = VERR_BUFFER_OVERFLOW; 193 *pcbResult = cbResult; 230 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "BIO_get_mem_ptr"); 194 231 } 195 232 else 196 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "BIO_get_mem_ptr"); 233 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "i2d_CMS_bio"); 234 BIO_free(pOsslResult); 197 235 } 198 236 else 199 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "i2d_CMS_bio"); 200 BIO_free(pOsslResult); 237 rc = RTErrInfoSet(pErrInfo, VERR_NO_MEMORY, "BIO_new/BIO_s_mem"); 201 238 } 202 239 else 203 rc = RTErrInfoSet(pErrInfo, VERR_ NO_MEMORY, "BIO_new/BIO_s_mem");240 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_final"); 204 241 } 205 else206 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_final");207 242 } 243 else 244 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_add1_signer"); 208 245 } 209 else210 rc = RTErrInfoSet(pErrInfo, VERR_GENERAL_FAILURE, "CMS_add1_signer");211 246 CMS_ContentInfo_free(pCms); 212 247 }
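Review bot: The new content-type scan at lines 150–152 dereferences `pAdditionalAuthenticatedAttribs->cItems` unconditionally, while the attribute-adding loop a few lines later (new line 183) still guards with `if (pAdditionalAuthenticatedAttribs)` — so a caller that passes NULL, which the old code tolerated, now crashes before `CMS_add1_signer` is reached. The loop header should carry the same guard: `for (uint32_t i = 0; pAdditionalAuthenticatedAttribs && i < pAdditionalAuthenticatedAttribs->cItems && RT_SUCCESS(rc); i++)`. Separately, the `CMS_set1_eContentType` result is tested with `if (rc < 0)` (new line 165), whereas the `CMS_signed_add1_attr` result in the same hunk is tested with `rc <= 0`; if `CMS_set1_eContentType` follows the usual OpenSSL 1-on-success/0-on-failure convention, a 0 return would leave `rc` as a success code and the signing would proceed with the content type silently unset, so `if (rc <= 0)` is the consistent check. Only the first content-type attribute is remembered in `iAuthAttrSkip`; a second one, if present, would be added verbatim as a signed attribute, which may be worth an `Assert` or a comment. The enclosing function starts before and ends after this hunk.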